<?php
include './include/common.inc.php';
include './include/user.class.php';
include './include/group.class.php';
include './include/group_extends.class.php';
include './include/role.class.php';
require '../include/form.class.php';

$user_db = new user();
$group_db = new group();
$group_extends_db = new group_user();
$role_db = new role();
$action = isset( $action ) ? $action : 'manage';
$forward = get_forward( 'user.php' );

$params = array();
array_push( $params, "status = 99" );
if( isset( $username ) && strlen( $username ) >0 )
{
    array_push( $params, "username like '%$username%'" );
}
$order = " ORDER BY listorder DESC, inputtime DESC";

$usertype_list = array( 1 => '超级管理员', 2 => '普通用户', );
$STATUS_LIST = array( STATUS_NORMAL => '终审通过', 1 => '待审', STATUS_DEL => '删除' );

if( $current_user === false )
{
	if( isset( $edufepm ) && $edufepm == 'iframe' )
	{
		$response->alert( '请您登陆后再访问' );
		$response->redirect( $base_dir . 'admin/login.php' );
		$response->execute();
	}
	else
	{
		showmessage( '请您登陆后再访问', $base_dir . 'admin/login.php' );
	}
}

switch( $action )
{
    case 'add':
        $have_perm = check_perms( 'U002' );
        if( isset( $_POST['username'] ) )
		{
            if( $have_perm === false )
			{
				$response->alert( '您没有权限进行此操作！' );
				$response->execute();
			}
            $userid_db = $user_db->get_userid( $username );//获取数据库中是否有该用户
            if( intval( $userid_db ) > 0 )
            {
                $response->text_alert( 'error','username','用户名称已存在,请重新输入' );
            }
			if( empty( $username ) || strlen( $username ) > 100 )
			{
				$response->text_alert( 'error','username','用户名称不能为空且长度不能大于100个字符' );
			}
            if( empty( $password ) || strlen( $username ) > 100 )
            {
                $response->text_alert( 'error','password','用户密码不能为空且长度不能大于100个字符' );
            }
            if( $password != $password2 )
            {
                $response->text_alert( 'error','password2','确认密码与设定密码不符,请重新确认' );
            }
            if( empty( $truename ) || strlen( $truename ) > 100 )
            {
                $response->text_alert( 'error','truename','真实姓名不能为空且长度不能大于100个字符' );
            }
            if( empty( $gid ) )
            {
                $response->text_alert( 'error','gid','所属用户组不能为空,请选择' );
            }
            if( empty( $rid ) )
            {
                $response->text_alert( 'error','rid','所属角色不能为空,请选择' );
            }
            if( empty( $usertype ) )
            {
                $response->text_alert( 'error','usertype','用户类型不能为空,请选择' );
            }
            if( !empty( $email ) )
            {
                if( !preg_match( "/^\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*$/", $email ) )
                {
                    $response->text_alert( 'error','email','请输入正确的EMAIL地址' );
                }
            }
			$response->real_execute();
			$params = array(
				'username'	  =>  $username,
				'password'	  =>  md5( $password ),
                'truename'	  =>  $truename,
                'groups'	  =>  implode( ",", $gid ),
                'roles'	      =>  implode( ",", $rid ),
                'usertype'	  =>  $usertype,
                'email'       =>  $email,
                'contact'     =>  $contact,
                'sex'         =>  $sex,
                'description' =>  $description,
                'status'      =>  99,
                'inputtime'   =>  date( "Y-m-d H:i:s" ),
			);
			$res = $user_db->add_user( $params );

            $u_id = $db->uuid();
            if(is_array($gid))
            {
                foreach ( $gid as $g_id )
                {
                    $group_extends_db->add_user( $u_id, $g_id );
                }
            }
            
			if( !empty($res))
			{
				$response->alert( '添加成功' );
				$response->redirect( urldecode( $forward ) );
			}
			else
			{
				$response->alert( '添加失败' );
				$response->script( 'self.location = self.location' );
			}
			$response->execute();
		}
		else
		{
            if( $have_perm === false )
			{
				showmessage('您没有权限进行此操作！');
			}
            $group_list = $group_db->get_groups_list();//获取所有组列表
            $role_list = $role_db->get_all_role_list();//获取所有角色列表
			include template( 'admin', 'user_add' );
		}
        break;

    case 'upd':
        $have_perm = check_perms( 'U003' );
        if( isset( $_POST['username'] ) )
		{
            if( $have_perm === false )
			{
				$response->alert( '您没有权限进行此操作！' );
				$response->execute();
			}
            $info = $user_db->get_user( $userid );//获取数据库中该用户的所有信息
            if( $info['username'] != $username )//如果修改了用户名，则检查数据库中用户是否存在
            {
                $userid_db = $user_db->get_userid( $username );
                if( intval( $userid_db ) > 0 )
                {
                    $response->text_alert( 'error','username','用户名称已存在,请重新输入' );
                }
            }
			if( empty( $username ) || strlen( $username ) > 100 )
			{
				$response->text_alert( 'error','username','用户名称不能为空且长度不能大于100个字符' );
			}
            if( empty( $old_password ) )
            {
                $upd_password = $info['password'];
            }
            else
            {
                if( md5( $old_password ) != $info['password'] )
                {
                    $response->text_alert( 'error','old_password','输入的原密码不正确' );
                }
            }
            if( !empty( $password ) )
            {
                if( empty( $old_password ) )
                {
                    $response->text_alert( 'error','old_password','请输入的密码' );
                }
                if( md5( $old_password ) != $info['password'] )
                {
                    $response->text_alert( 'error','old_password','输入的原密码不正确' );
                }
                if( strlen( $old_password ) > 100 )
                {
                    $response->text_alert( 'error','old_password','用户密码长度不能大于100个字符' );
                }
                if( empty( $password ) || strlen( $password ) > 100 )
                {
                    $response->text_alert( 'error','password','用户密码不能为空且长度不能大于100个字符' );
                }
                if( $password != $password2 )
                {
                    $response->text_alert( 'error','password2','确认密码与设定密码不符,请重新确认' );
                }
                $upd_password = md5( $password );
            }
            else
            {
                $upd_password = $info['password'];
            }
            if( empty( $truename ) || strlen( $truename ) > 100 )
            {
                $response->text_alert( 'error','truename','真实姓名不能为空且长度不能大于100个字符' );
            }
            if( empty( $gid ) )
            {
                $response->text_alert( 'error','gid','所属用户组不能为空,请选择' );
            }
            if( empty( $rid ) )
            {
                $response->text_alert( 'error','rid','所属角色不能为空,请选择' );
            }
            if( empty( $usertype ) )
            {
                $response->text_alert( 'error','usertype','用户类型不能为空,请选择' );
            }
            if( !empty( $email ) )
            {
                if( !preg_match( "/^\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*$/", $email ) )
                {
                    $response->text_alert( 'error','email','请输入正确的EMAIL地址' );
                }
            }
			$response->real_execute();
			$params = array(
				'username'	  =>  $username,
				'password'	  =>  $upd_password,
                'truename'	  =>  $truename,
                'groups'	  =>  implode( ",", $gid ),
                'roles'	      =>  implode( ",", $rid ),
                'usertype'	  =>  $usertype,
                'email'       =>  $email,
                'contact'     =>  $contact,
                'sex'         =>  $sex,
                'description' =>  $description,

			);
			$res = $user_db->edit_user( $params, $userid );

            foreach ( explode( ",", $info['groups'] ) as $groupid )
            {
                $group_extends_db->del_user( $userid, $groupid );
            }
            if(is_array($gid))
            {
                foreach ( $gid as $g_id )
                {
                    $group_extends_db->add_user( $userid, $g_id );
                }
            }

			if( !empty($res) )
			{
				$response->alert( '修改成功' );
				$response->redirect( urldecode( $forward ) );
			}
			else
			{
				$response->alert( '修改失败' );
				$response->script( 'self.location = self.location' );
			}
			$response->execute();
		}
		else
		{
            if( $have_perm === false )
			{
				showmessage('您没有权限进行此操作！');
			}
			$info = $user_db->get_user( $userid );
			if( !isset( $info['userid'] ) )
			{
				showmessage( '要编辑的用户不存在' );
			}
            $group_list = $group_db->get_groups_list();
            $role_list = $role_db->get_all_role_list();
			include template( 'admin', 'user_upd' );
		}
        break;

    case 'del':
        $have_perm = check_perms( 'U004' );
        if( $have_perm === false )
        {
            $response->alert( '您没有权限进行此操作！' );
            $response->execute();
        }
		$info = $user_db->get_user( $userid );
		if( !isset( $info['userid'] ) )
		{
			$response->alert( '要删除的用户不存在' );
			$response->execute();
		}
		$res = $user_db->del_user( $userid );
		if( $res == false )
		{
			$response->alert( '删除失败' );
		}
		else
		{
			$response->alert( '删除成功' );
			$response->script( 'self.location=self.location' );
		}
		$response->execute();
        break;

    case 'del_all':
        $have_perm = check_perms( 'U004' );
        if( $have_perm === false )
        {
            $response->alert( '您没有权限进行此操作！' );
            $response->execute();
        }
        if( isset( $_POST['uid'] ) )
		{
			foreach ( $uid as $id )
			{
				$user_db->del_user( $id );
			}
			$response->alert( '删除成功！' );
			$response->script( 'self.location=self.location' );
			$response->execute();
		}
		else
		{
			$response->alert( '请选择要删除的用户' );
			$response->execute();
		}
        break;

    case 'listorder':
        $have_perm = check_perms( 'U005' );
        if( $have_perm === false )
        {
            $response->alert( '您没有权限进行此操作！' );
            $response->execute();
        }
        $result = $user_db->listorder( $listorder );
		if( $result )
		{
            $response->alert( '修改成功' );
            $response->redirect( urldecode( $forward ) );
		}
		else
		{
			$response->alert( '修改失败' );
		}
        $response->execute();
        break;

    case 'search':
        $url = 'user.php';
		$url .= isset( $username ) && !empty( $username ) ? '?username='.urlencode( $username ) : '';
		$response->redirect( $url );
		$response->execute();
        break;

    //用户修改密码
    case 'changepwd' :

        if(isset($submit))
        {
            if(empty( $old_password ))
            {
                $response->text_alert( 'error','old_password','请输入原密码' );
                $response->real_execute();
            }
            $userdata = $user_db->login( $current_user['username'], md5($old_password) );
            if(empty($userdata))
            {
                $response->text_alert('error','old_password','原密码不正确');
                $response->real_execute();
            }
            if( empty( $password ) || strlen( $password ) > 100 )
            {
                $response->text_alert( 'error','password','用户密码不能为空且长度不能大于100个字符' );
                $response->real_execute();
            }
            if( $password != $password2 )
            {
                $response->text_alert( 'error','password2','确认密码与设定密码不符,请重新确认' );
                $response->real_execute();
            }
            $upd_password = md5( $password );
            $result = $user_db->edit_user(array('password'=>$upd_password), $userdata['userid']);
            if($result)
            {
                $response->alert('更改成功');
                $response->script('self.location=self.location');
            }
            else
            {
                $response->alert('更改失败');
            }
            $response->execute();
        }
        else
        {
            include template('admin', 'user_changepwd');
        }
        break;

    case 'manage':
    
    default:
        $have_perm = check_perms( 'U001' );
        if( $have_perm === false )
        {
            showmessage('您没有此项操作权限！');
        }
        $page = isset( $page ) ? intval( $page ) : 1;
		$page = max( $page, 1 );
        $pagesize = 10;
		$user_list = $user_db->get_list( $params, $order, $page, $pagesize );
        $user_pages = $user_db->pages;
        $forward = make_forward();
		include template( 'admin', 'user_manage' );
        break;
}

?>
